/**
* Function to authenticate user
* @param string $username user name
* @param string $password password
* @return boolean
* **/
public function authenticate($username, $password)
{
$userRow = \R::findOne($this->_name, '(user_name = :un OR email = :un) AND status =1', array(":un" => $username));
if ($userRow) {
// check if password is expired or not
$isPasswordExpired = strtotime($userRow->pwd_exp_time) - time() <= 0;
if ($isPasswordExpired) {
return self::ERROR_USER_PWD_EXPIRED;
}
//check if user is locked or not
$isUserLocked = $userRow->locked == 1 ? true : false;
if ($isUserLocked) {
return self::ERROR_USER_LOCKED;
}
if (md5($password . $userRow->salt) == $userRow->password) {
// clear invalid login attempts
$objInvalidAttempts = new UserLoginAttempts();
$objInvalidAttempts->clearInvalidLoginAttempts($username);
//write user data in session
\utilities\Registry::setRegistry('user', $userRow->export());
return true;
}
return false;
}
return self::IDENTITY_NOT_FOUND;
}
